Microsoft says not planning to build data center in Korea

Concerns rise about security of Korean users’ information

A Windows operating system logo sits on display outside Microsoft Corp.’s new store in Germany. (Bloomberg)

Despite the calls that the data of Korean Microsoft users should be stored locally, the global tech giant has no plans to build a data center here, Microsoft Korea said Tuesday.

“We have no plans to build a data center in Korea for the time being,” a company spokesperson said.

And because there is no data center, it means that the data on all business and personal users of Microsoft is sent to data centers in Singapore and Hong Kong.

The lack of a data storing and processing facility has become a bone of contention, as Microsoft cannot implement the data security reinforcement rules it put in place earlier. Microsoft had said last month that it would allow customers outside the United States to choose where to store their data in response to concerns about allegations of the multinational company feeding customer information to the U.S. National Security Agency.

In theory, all information of Korean users, regardless of where it is stored, should be protected by Korean information-related laws, but in practice, the data may be subject to overseas laws depending on the type of contracts the companies have signed regarding data protection, according to Korea Internet & Security Agency.

“Storing information overseas may be inevitable these days. The point is that how the information is managed and protected is more essential. The government’s role is important here,” said Lim Jong-in, a professor at Korea University Graduate School of Information Security.

However, the Korea Communications Committee, which recently handed down fines to Google Korea for Street View, has no plans to deal with the issue yet.

The KCC’s Privacy Protection and Ethics Division head Ban Sang-kwon said, “It is true that Korea’s administrational influence cannot be reached once data is sent overseas.”

“We are trying to have international cooperation by, for instance, joining Cross-Border Privacy Rules. Still, as they are nonbinding, a local government’s law takes priority,” he added.

Microsoft Korea said the company does not provide information to the U.S. government without the demand from a local country’s court or summons to request account information. However, data policy specialists said that because Microsoft is a U.S. firm, it should comply when the NSA asks for information.

Last June, whistle-blower Edward Snowden claimed that Microsoft collaborated with the NSA to allow access to individuals’ communications and data processed by the company. The document revealed by the former Central Intelligence Agency employee showed that Microsoft provided information such as users’ email, chats, videos, Internet calls and video conferences.